1. Amended claims 1-12 and new claim 13 are pending.

Response to Arguments 

2. Applicant's arguments with respect to claims 1-12 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §112 

3. Claims 8, 10 are rejected under 35 U.S.C. 112, first paragraph, because the best
mode contemplated by the inventor has not been disclosed. Evidence of concealment 
of the best mode is based upon (i.e.: the particular entity may not perform the given 
action). 

Claims 8, 10 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. 

Claims 8, 10 contain the negative limitation.

Any negative limitation or exclusionary proviso must have basis in the original 
disclosure. If alternative elements are positively recited in the specification, they may be 
explicitly excluded in the claims. See In re Johnson, 558 F.2d 1008, 1019, 194 USPQ 187, 196 
(CCPA 1977) ("[the] specification, having described the whole, necessarily described the part 
remaining."). See also Ex parte Grasselli, 231 USPQ 393 (Bd. App. 1983), aff'd mem., 738
F.2d 453 (Fed. Cir. 1984). The mere absence of a positive recitation is not basis for an exclusion. 
Any claim containing a negative limitation which does not have basis in the original disclosure 
should be rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written
description requirement. Note that a lack of literal basis in the specification for a negative 
limitation may not be sufficient to establish a prima facie case for lack of descriptive support. Ex 
parte Parks, 30 USPQ2d 1234, 1236 (Bd. Pat. App. & Inter. 1993). See MPEP § 2163 - § 
2163.07(b) for a discussion of the written description requirement of 35 U.S.C. 112, first
paragraph. 

4. Claims 8, 10 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention (i.e.: a further condition may be associated in the 
database with the given policy). 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-13 are rejected under 35 U.S.C. 102(e) as anticipated by Shah et al 
[Shah, 6,678,835 B1]. 

5. As per claim 1, Shah discloses A policy enforcement system for enforcing
policies defining what actions belonging to a first type thereof first entities (i.e.: a first 
edge device and a first network) defined in a computer system may perform on second 
entities defined (i.e.: a second edge device and a second network) in the computer
system [Shah, a first edge device and a first network; a second edge device and a 
second network; a policy server; col 1 lines 60-col 2 line 32], the policy enforcement 
system being of the type that includes 

a policy server including a policy database of the policies [Shah, a policy server 
database, col 4 lines 14-32]; and 

a policy enforcer that controls performance of the first type of action and is 
capable of communicating a request to perform an action of the first type to the policy 
server [Shah, a policy enforcer, col 4 lines 33-43; service type, col 10 lines 23-30; col 18
lines 30-58], the policy enforcer permitting performance of the action only if a response
from the policy server indicates that the policies permit the action [Shah, access 
permission, col 4 lines 33-43; col 6 lines 14-32; col 12 lines 37-43] and the policy 
enforcement system being characterized in that: 

the policy database is extensible to include policies for actions belonging to 
an additional type thereof and the policy enforcement system is thereby extensible to 
include, an additional policy enforcer which controls performance of actions of the 
additional type [Shah, extensible fashion, col 6 lines 33-42; additional information of 
service type, col 10 lines 22-30; col 15 lines 47-54; new entry is added, col 16 lines 24-
32; additional field based on the type of service, other types of modifications, col 18 line
65-col 19 line 10].

6. As per claim 2, Shah discloses the policy database is of the class wherein
policies are defined in terms of sets of the first entities and sets of the second entities 
and the policy database is further extensible to include an additional type of the first 
entities and/or an additional type of the second entities [Shah, extensible fashion, col 6 
lines 33-42; additional information of service type, col 10 lines 22-30; additional field 
based on the type of service, other types of modifications, col 18 line 65-col 19 line 10]. 

7. As per claim 3, Shah discloses an action attribute may be associated in the 
database with a set of the first entities and/or a set of the second entities, the action 
attribute specifying a manner in which an action specified in a given policy is to be 
performed as regards entities in the set of first entities and/or entities in the set of 
second entities [Shah, col 10 lines 52-60; col 11 lines 12-24].

8. As per claim 4, Shah discloses the database is further extensible to include an 
additional type of action attributes [Shah, attributes, col 9 lines 35-40; col 10 line 1-col 11
line 67; col 19 lines 50-67; col 21 line 1-60].

9. As per claim 5, Shah discloses the additional policy enforcer controls 
performance of actions at a level of the computer system which is different from that at 
which the policy enforcer controls performance of actions [Shah, a quality of service 
level, col 17 lines 11-25]. 

10. As per claim 6, Shah discloses at least one of the policy enforcers is at a location
in the computer system that is remote from the policy server [Shah, a remote VPN 
client, col 3 lines 50-64]. 

11. As per claim 7, Shah discloses the policy enforcer controls a second entity that is 
not part of the computer system [Shah, an external host, external device, col 10 lines 1- 
14]. 



12. As per claim 8, Shah discloses A policy database that is implemented in a data 
storage device that is accessible to a processor and that belongs to the class of policy 
databases wherein policies are defined in terms of sets of first entities, sets of
second entities, and actions, a given policy defining a given action which an entity 
belonging to a given set of the first entities may perform on an entity belonging to a 
given set of the second entities [Shah, a first edge device and a first network; a second 
edge device and a second network; a policy server; col 1 lines 60-col 2 line 32] and the 
policy database being characterized in that: 

a further condition may be associated in the database with the given policy, the 
action the processor responding to a request to determine whether a particular entity 
belonging to the set of first entities to which the given policy applies to may perform the 
given action on a particular entity belonging to the set of second entities to which the 
given policy applies by determining that the particular entity may not perform the given 
action if the further condition is not satisfied at the time the processor responds to the 
request [Shah, extensible fashion, col 6 lines 33-42; additional information of service
type, col 10 lines 22-30; additional field based on the type of service, other types of
modifications, col 18 line 65-col 19 line 10]. 

13. As per claim 9, Shah discloses the further condition is a time interval 
specification associated with the given policy, the time interval specification specifying 
an interval of time during which entities belonging to the given set of first entities 
specified in the given policy may perform the given action specified therein on entities 
belonging to the given set of second entities specified therein. 

14. As per claim 10, Shah discloses A policy database that is implemented in a data 
storage device that is accessible to a processor and that belongs to the class of policy 
databases wherein policies are defined in terms of sets of first entities, sets
of second entities, and actions, a given policy defining a given action which an entity
belonging to a given set of the first entities may perform on an entity belonging to a 
given set of the second entities [Shah, a first edge device and a first network; a second 
edge device and a second network; a policy server; col 1 lines 60-col 2 line 32] and the 
policy database being characterized in that: 

an action attribute may be associated in the database with the given set of first 
entities and/or the given set of second entities, the action attribute specifying a manner 
in which the given action specified in the given policy is to be performed, the 
processor responding to a request to determine whether a particular entity may 
perform an action to which the given policy applies in a particular manner by
determining that the requesting entity may not perform the action unless the particular
manner is the manner specified by the action attribute [Shah, extensible fashion, col 6
lines 33-42; additional information of service type, col 10 lines 22-30; additional field
based on the type of service, other types of modifications, col 18 line 65-col 19 line 10]. 

15. As per claim 11, Shah discloses the database is extensible to include new types
of action attributes [Shah, extensible fashion, col 6 lines 33-42; additional information of 
service type, col 10 lines 22-30; additional field based on the type of service, other types 
of modifications, col 18 line 65-col 19 line 10]. 

16. As per claim 12, Shah discloses an action attribute condition may be associated 
in the database with an action attribute for the given policy, the action attribute condition 
determining whether a requesting entity belonging to the given set of first entities can 
perform the given action as specified in the action attribute on an entity in the given set 
of second entities at the time the requesting entity makes the request [Shah, col 24 line 
51- col 26 line 54]. 

17. As per claim 13, Shah discloses the additional type of action is defined by a user 
of the policy enforcement system; and the policy enforcement system includes a user 
interface for extending the policy database by adding the user-defined additional type of 
action thereto [Shah, new user and defining various attributes of the user, col 9 lines 35-
40].

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Jack Harvey, can be reached at (571) 272-3896. The fax number for the
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for published
applications may be obtained from either Private PAIR or Public PAIR. Status
information for unpublished applications is available through Private PAIR only. For
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you
have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free).

Thong Vu
Patent Examiner
Art Unit 2142




